Thursday, May 26, 2011

Closing recent thread

I will close the GingerBreak post now since most comments are meanwhile about particular versions or not related to Android OS at all. It turned out that GingerBreak works on Froyo, Gingerbread and Honeycomb. For some versions it needs minor fixes like in the detecting phase, but overall it is a good and stable softbreak. Thanks to those who sent patches or test reports.

Smartphone security and Android security in particular seem to be the new hype (WTF?! HTTP is sending data in plaintext!?) and therefore it is about time to fall back to monitor-only mode. If you ever see a # on an Android device in the future, always remember who was pioneering exploit development on that platform and remember where all these spin-offs came from.

I have had the choice of writing scientific papers about security and exploits, or of coding exploits. And I chose the latter.

I have edited your GingerBreak.c file to suit the needs of my phone, some directory paths were different.

I am stuck there as I have not the first clue how to compile C; I tried using GCC on my Linux box but netlink.h and system_properties were missing, so I came to the conclusion it had to be compiled in an Android environment.

This is the changed version for my model of phone: http://pastebin.com/DER6StyM

Thanks for the GingerBreak, it works well on most Gingerbread builds. However, on Desire HD's new builds, you get "vold: xxxx GOT start: 0x00014360 GOT end: 0x000143a0", and then it freezes. I am talking about 2.37.xxx.x ROM builds. On WWE 2.36.405.8 it works great.
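The "GOT start ... GOT end" line in the report above is the address range of vold's global offset table, and that range is specific to each build of the binary, which is why offsets that fit one ROM version do not fit the next. As an added example (not GingerBreak's code and not from this page's author), the following C program reads that range out of an ELF32 binary's section header table, the same information `readelf -S` prints. The ELF image it parses is constructed in memory rather than taken from a real device; its `.got` range reuses the two numbers from the comment above purely as sample values.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Find the virtual address range of a named section (e.g. ".got") in an ELF32
 * image by walking its section header table. Headers are copied out with
 * memcpy and every offset is bounds-checked, because the input is an
 * untrusted file. Assumes a little-endian image parsed on a little-endian
 * host (the ARM Android case). Returns 0 on success, -1 otherwise. */
int find_section_range(const uint8_t *img, size_t len, const char *name,
                       uint32_t *start, uint32_t *end)
{
    Elf32_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS32 ||
        eh.e_ident[EI_DATA] != ELFDATA2LSB)
        return -1;
    if (eh.e_shoff == 0 || eh.e_shentsize != sizeof(Elf32_Shdr) ||
        eh.e_shstrndx >= eh.e_shnum)
        return -1;
    /* Whole section header table must lie inside the image (64-bit math, no wrap). */
    if ((uint64_t)eh.e_shoff + (uint64_t)eh.e_shnum * sizeof(Elf32_Shdr) > len)
        return -1;

    Elf32_Shdr strsh;   /* section-name string table */
    memcpy(&strsh, img + eh.e_shoff + eh.e_shstrndx * sizeof strsh, sizeof strsh);
    if ((uint64_t)strsh.sh_offset + strsh.sh_size > len) return -1;
    const char *strtab = (const char *)img + strsh.sh_offset;

    for (uint32_t i = 0; i < eh.e_shnum; i++) {
        Elf32_Shdr sh;
        memcpy(&sh, img + eh.e_shoff + i * sizeof sh, sizeof sh);
        if (sh.sh_name >= strsh.sh_size) continue;
        /* The name must be NUL-terminated inside the string table. */
        size_t room = strsh.sh_size - sh.sh_name;
        if (memchr(strtab + sh.sh_name, '\0', room) == NULL) continue;
        if (strcmp(strtab + sh.sh_name, name) == 0) {
            *start = sh.sh_addr;
            *end = sh.sh_addr + sh.sh_size;
            return 0;
        }
    }
    return -1; /* no such section */
}

/* Constructed ELF32 image (not a real vold binary): ELF header, a string table
 * and three section headers. The .got range reuses the sample numbers from the
 * comment (start 0x00014360, end 0x000143a0, so sh_size = 0x40). */
#define SHSTR_OFF  64u                      /* "\0.got\0.shstrtab\0" = 16 bytes */
#define SHDR_OFF   80u                      /* 3 section headers * 40 bytes */
#define IMG_LEN    (SHDR_OFF + 3u * sizeof(Elf32_Shdr))

size_t build_sample_image(uint8_t *buf, size_t cap)
{
    static const char strtab[] = "\0.got\0.shstrtab";   /* 16 bytes incl. final NUL */
    if (cap < IMG_LEN) return 0;
    memset(buf, 0, IMG_LEN);

    Elf32_Ehdr eh;
    memset(&eh, 0, sizeof eh);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS]   = ELFCLASS32;
    eh.e_ident[EI_DATA]    = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_DYN; eh.e_machine = EM_ARM; eh.e_version = EV_CURRENT;
    eh.e_ehsize = sizeof eh;
    eh.e_shoff = SHDR_OFF; eh.e_shentsize = sizeof(Elf32_Shdr);
    eh.e_shnum = 3; eh.e_shstrndx = 2;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + SHSTR_OFF, strtab, sizeof strtab);

    Elf32_Shdr sh[3];
    memset(sh, 0, sizeof sh);                           /* sh[0]: SHT_NULL */
    sh[1].sh_name = 1;  sh[1].sh_type = SHT_PROGBITS;   /* ".got" */
    sh[1].sh_flags = SHF_ALLOC | SHF_WRITE;
    sh[1].sh_addr = 0x00014360; sh[1].sh_size = 0x40;
    sh[2].sh_name = 6;  sh[2].sh_type = SHT_STRTAB;     /* ".shstrtab" */
    sh[2].sh_offset = SHSTR_OFF; sh[2].sh_size = sizeof strtab;
    memcpy(buf + SHDR_OFF, sh, sizeof sh);
    return IMG_LEN;
}

/* Build the sample image and look `name` up in it; returns the range packed
 * as (start << 32) | end, or 0 if the section is absent. */
uint64_t sample_range(const char *name)
{
    uint8_t img[256];
    uint32_t start = 0, end = 0;
    size_t len = build_sample_image(img, sizeof img);
    if (find_section_range(img, len, name, &start, &end) != 0) return 0;
    return ((uint64_t)start << 32) | end;
}

int main(void)
{
    uint64_t r = sample_range(".got");
    if (r == 0) { puts("no .got section"); return 1; }
    printf("GOT start: 0x%08x GOT end: 0x%08x\n",
           (uint32_t)(r >> 32), (uint32_t)r);   /* GOT start: 0x00014360 GOT end: 0x000143a0 */
    return 0;
}
```

Run against a real `vold` instead of the constructed image by reading the file into a buffer and calling `find_section_range(buf, len, ".got", &start, &end)`; on a stripped binary with no section headers the function returns -1 rather than a guess, which is exactly the case where a hardcoded offset would silently be wrong.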

Thanks for taking the time to do this. I think it would be awesome if you would write a tutorial for the exploit, or put very detailed comments in the code as to what you're doing at each stage. A code walk-through of sorts. I know it's time consuming and doesn't really provide you much benefit, but I think it would really help the rest of us learn.

I try to write the code as clearly as possible so as to need as few comments as possible. However, reading exploits (and writing them too) is not that easy since a lot of magic is involved which you only know when you have dug deep into the target. E.g. WTF is he calculating the idx that way, and why is he creating this file of that size here and not there? I have problems reading other folks' exploits as well if I don't have the time to really zoom into the target vuln. To learn about exploit writing I'd recommend the Phrack articles, for example.

Many thanks for your work. I'd be grateful if anyone could point me to what should be the indexes and offsets that need to be changed. I do have an Android build system installed and can compile. However most of my programming is old school (Fortran) and I know very little of C. My device is a Vizio VTAB 1008 running Gingerbread 2.3.2 build id GRH78C with CPU armeabi-v7a. Supposedly preproduction versions of this device were rooted before launch. However, none of the exploits I have tried so far seem to work. Thanks again.

Try revolutionary.io, they seem to have a new vold exploit. Getting the right offsets and indexes can be tricky - that's why I don't favor memory smashing exploits, in particular across a range of devices and OS versions.

Icke -- Thanks for the reply and the pointer to the revolutionary.io site.

Are you referring to the new zergRush exploit? I did try that as well but with no luck. So far, every exploit has failed -- rageagainstthecage, gingerbreak, and zergRush. The software devs at Vizio must have really been on top of every exploit and have patched them as soon as possible.